Attorney Docket: 2072P 

Amendments to the Claims: . 

This listing of claims will replace all prior version, and listings, of claims in the 
application. 
Listing of Claims: 

1 (Currently amended) A method for controlling access to file on a server over a 
network, the method comprising: 

(a) allowing a content originator to publish a file on a first server and to 
specify what users are authorized to access to file; 

(b) replicating the file from the first server on a second server; 

(c) in response to receiving a URL request from a client for a file from the first 
server, determining if a user of the client has been granted authorization 
to access the file; 

(d) generating a ticket that includes an identifier identifying the particular file 
on the second server if the user has been granted authorization access; 

(e) creating a redirect URL ticket to the file on the second server by 

(i) modifying the client's URL request to identify the second server, 
and 

(ii) augmenting the URL request with the ticket authorizing access to 
the particular file; 

wherein the redirect URL ticket has the form: 

sctieme://servername/..7basedir:paran7efers/subdir/..7file.extension: and 

(f) returning the redirect URL ticket to the client, such that the client uses the 
redirect URL to request the file from the second server. 
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2 (Original) The method of claim 1 further including the step of: 

(g) verifying the ticket on the second server and returning the requested file. 

3 (Original) The method of claim 1 wherein step (c) further includes the step of: using 
a web browser for the client, wherein the web browser has not been customized to 
request tickets. 

4 (Original) The method of claim 1 wherein step (a) further includes the step of: 
allowing the content originator to specify what access privileges each user has with 
respect to the files, the access privileges including read, write, and delete. 

5 (Original) The method of claim 4 wherein step (a) further includes the step of: 
allowing the access controls to be specified before and after the file is replicated onto 
the second server. 

6 (Original) The method of claim 4 wherein step (a) further includes the steps of: 
storing the name of the file in a database along with access privileges specified for the 
file, and when a user makes a request to access the file, looking up the name of the file 
in the database and determining if the user has been granted access to the file. 

7 (Canceled). 

8 (Currently amended) The method of claim 7-lwherein step (e) further includes the 
step of: placing into the URL ticket a path parameter, a start parameter, a use-by 
parameter, an end parameter, a uid parameter, a clientid parameter, a sessionid 
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parameter, a referrer parameter, and a message authentication code (MAC). 

9 (Original) The method of claim 7 wherein step (e) further includes the step of: 
binding a combination of "basedir+path+sessionid" to an IP address of the client at first 
use of the URL ticket. 

10 (Currently amended) The method of claim 9 wherein step (e) further includes the 
step of: verifying the URL ticket as valid when; 

(i) the MAC is correct, 

(ii) a current time is between values of the start and use-by 
parameters, or the "basedir+path+sessionlD" combination has 
previously been used for the same IP address, 

(iii) the "basedir+path+sessionlD" combination has not been used from 
a different IP address, and 

(iv) the URL requests a file that is in a subtree rooted by 
basedir+Tpath. 

1 1 (Original) The method of claim 1 further including the step of: ensuring that only the 
client that was issued the URL ticket can use the URL ticket by 

(i) issuing a transfer ticket from the first server to the client when the 
first server needs to redirect the client to the second server, 

(ii) recognizing by the second server the transfer ticket in a request 
from the client, 

(iii) redirecting the client back to the second server with a URL ticket, 
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and 

(iv) verifying the ticket on the second server and returning the 
requested file. 

12 (Original) The method of claim 1 further including the step of providing a content 
server as the first server and providing at least one replica server as the second server. 

13 (Currently amended) A system for controlling access to file on a server over a 
network, the system comprising: 

means for allowing a content originator to publish a file on a first server and to 
specify what users are authorized to access to the file, wherein files on the first server 
are replicated on a second server; 

means responsive to receiving a URL request from a client for a file from the first 
server for determining if a user of the client has been granted authorization to access 
the file; 

means for generating a ticket that includes an identifier identifying the particular 
file on the second server if the user has been granted authorization access; 

means for creating a redirect URL ticket to the file on the second server by 
modifying the client's URL request to identify the second server, and augmenting the 
URL request with the ticket authorizing access to the particular file , wherein the redirect 
URL ticket has the form: 

scheme://servername/. . . /basedir: oarameterslsubdirl. . Vfile.extension ; and 

means for returning the redirect URL ticket to the client, such that the client uses 
the redirect URL to request the file from the second server. 
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14 (Original) The system of claim 13 further including means for verifying the ticket on 
the second server and returning the requested file. 

15 (Original) The system of claim 13 wherein the client comprises a web browser that 
has not been customized to request tickets. 

16 (Original) The system of claim 13 wherein the content originator specifies what 
access privileges each user has with respect to the files, the access privileges 
including read, write, and delete. 

17 (Original) The system of claim 16 wherein the access controls can be specified 
before and after the file is replicated onto the second server. 

18 (Original) The system of claim 16 wherein a name of the file is stored in a database 
along with the access privileges specified for the file, and when a user makes a request 
to access the file, the name of the file is looked up in the database to determine if the 
user has been granted access to the file. 

19 (Canceled). 

20 (Currently amended ) The system of claim 43-13 wherein the URL ticket includes a 
path parameter, a start parameter, a use-by parameter, an end parameter, a uid 
parameter, a clientid parameter, a sessionid parameter, a referrer parameter, and a 
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21 (Original) The system of claim 20 wherein a combination of 
"basedir+path+sessionid" is bound to an IP address of the client at first use of the URL 
ticket. 

22 (Original) The system of claim 21 wherein the URL ticket is verified as valid when; 

(i) the MAC is correct, 

(ii) a current time is between values of the start and use-by 
parameters, or the "basedir+path+sessionlD" combination has 
previously been used for the same IP address, 

(iii) the "basedir+path+sessionlD" combination has not been used from 
a different IP address, and 

(iv) the URL requests a file that is in a subtree rooted by 
basedir+Tpath. 

23 (Original) The system of claim 13 wherein it is ensured that only the client that was 
issued the URL ticket can use the URL ticket by 

(i) issuing a transfer ticket from the first server to the client when the 
first server needs to redirect the client to the second server, 

(ii) recognizing by the second server the transfer ticket in a request 
from the client, 

(iii) redirecting the client back to the second server with a URL ticket, 
and 
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verifying the ticket on the second server and returning the 
requested file. 



24 (Original) The system of claim 13 wherein the first server comprises a content 
server and the second server comprises at least one replica server. 



25 (Original) A computer-readable medium containing program instructions for 
controlling access to file on a server over a network, the program instructions for: 

(a) allowing a content originator to publish a file on a first server and to 
specify what users are authorized to access to file; 

(b) replicating the file from the first server on a second server; 

(c) in response to receiving a URL request from a client for a file from the first 
server, determining if a user of the client has been granted authorization 
to access the file; 

(d) generating a ticket that includes an identifier identifying the particular file 
on the second server if the user has been granted authorization access; 

(e) creating a redirect URL ticket to the file on the second server by 

(i) modifying the client's URL request to identify the second server, 
and 

(ii) augmenting the URL request with the ticket authorizing access to 
the particular file A 

wherein the redirect URL ticket has the form: 

scheme://servername/. . . /basedir: parameterslsubdlrl. . ./file.extension: and 

(f) returning the redirect URL ticket to the client, such that the client uses the 
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redirect URL to request the file from the second server. 

26 (Currently amended) The computer-readable medium of claim 4-25 further including 
the instruction of: 

(g) verifying the ticket on the second server and returning the requested file. 

27 (Currently amended) The computer-readable medium of claim 4-25 wherein 
instruction (c) further includes the instruction of: using a web browser for the client, 
wherein the web browser has not been customized to request tickets. 

28 (Currently amended) The computer-readable medium of claim 4-25 wherein 
instruction (a) further includes the instruction of: allowing the content originator to 
specify what access privileges each user has with respect to the files, the access 
privileges including read, write, and delete. 

29 (Currently amended) The computer-readable medium of claim 4-28 wherein 
instruction (a) further includes the instruction of: allowing the access controls to be 
specified before and after the file is replicated onto the second server. 

30 (Currently amended) The computer-readable medium of claim 4-28 wherein 
instruction (a) further includes the instructions of: storing the name of the file in a 
database along with access privileges specified for the file, and when a user makes a 
request to access the file, looking up the name of the file in the database and 
determining if the user has been granted access to the file. 
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31 (Canceled). 

32 (Currently amended) The computer-readable medium of claim 7-25 wherein 
instruction (e) further includes the instruction of: placing into the URL ticket a path 
parameter, a start parameter, a use-by parameter, an end parameter, a uid parameter, 
a clientid parameter, a sessionid parameter, a referrer parameter, and a message 
authentication code (MAC). 

33 (Currently amended) The computer-readable medium of claim 7-25 wherein 
instruction (e) further includes the instruction of: binding a combination of 
"basedir+path+sessionid" to an IP address of the client at first use of the URL ticket. 

34 (Currently amended) The computer-readable medium of claim 0-34 wherein 
instruction (g) further includes the instruction of: verifying the URL ticket as valid when; 

(i) the MAC is correct, 

(ii) a current time is between values of the start and use-by 
parameters, or the "basedir+path+sessionID" combination has 
previously been used for the same IP address, 

(iii) the "basedir+path+sessionID" combination has not been used from 
a different IP address, and 

(iv) the URL requests a file that is in a subtree rooted by 
basedir+Tpath. 
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35 (Currently amended) The computer-readable medium of claim 4-25 further including 
the instruction of: ensuring that only the client that was issued the URL ticket can use 
the URL ticket by 

(i) issuing a transfer ticket from the first server to the client when the 
first server needs to redirect the client to the second server, 

(ii) recognizing by the second server the transfer ticket in a request 
from the client, 

(iii) redirecting the client back to the second server with a URL ticket, 
and 

(iv) verifying the ticket on the second server and returning the 
requested file. 

36 (Currently amended) The computer-readable medium of claim 4-25 further including 
the instruction of providing a content server as the first server and providing at least 
one replica server as the second server. 

37 (Original) A URL ticket for redirecting a URL request for a file on a content server 
from a client to a replica server comprising: 

a format in a form of 
scheme://servername/. . . /basedir;parameters/subdir/. . Vf ile.extension. 
where the "scheme" represents "http" or "https," and the "server name" represents a 
DNS name of the replica server, and wherein each parameter in the URL ticket 
includes a parameter name and a value: 

name1=value1;name2=value2; ... 
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38 (Original)The URL ticket of claim 37 wherein the parameters include a path 
parameter, a start parameter, a use-by parameter, an end parameter, a uid parameter, 
a clientid parameter, a sessionid parameter, a referrer parameter, and a message 
authentication code (MAC). 
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